DIGITALEUROPE™ 


Industry welcomes new international 
standards for Cloud Computing 


ISO/IEC 27018, 17788 and 17789 


Brussels, 10 November 2014 








INTRODUCTION 


Cloud Computing is developing quickly worldwide and provides a broad range of highly valuable and appreciated services 
to a wide variety of users. In this context, DIGITALEUROPE welcomes the work performed by ISO/IEC JTC 1 to develop 
relevant international standards in this domain. Three important cloud computing standards have recently been published, 
with more under development. 


ISO/IEC 27018: Information technology -- Security techniques -- Code of practice for 
protection of personally identifiable information (PII) in public clouds acting as PII 
processors 


The ISO/IEC 27018: is the first international standard setting privacy requirements for cloud computing services. It was 
published on July 30" 2014 and is now available for broad use in any country or region. It has been developed taking into 
account applicable European regulations for the protection of personal data’ as well as the Article 29 Working Party’s (the 
European Data Protection Authorities), Opinion 05/2012 on Cloud Computing. Furthermore significant input from CNIL, the 
French data protection authority, and other data protection authorities have been put into this standard to make sure 
ISO/IEC 27018 takes into account the CNIL’s and Article 29 Working Party perspectives on the protection of personal data 
in a cloud computing context. 


DIGITALEUROPE encourages the European regulators to give full consideration to this international standard in connection 
with cloud computing policy initiatives. In particular, DIGITALEUROPE recommends for the European Commission to ensure 
that the EU Code of Conduct for cloud service providers leverages ISO/IEC 27018 to avoid creating inconsistent 
requirements and to facilitate reviewing the compliance of a cloud service to the Code. 


ISO/IEC 17788: Information technology -- Cloud Computing - Overview and 
Vocabulary, and ISO/IEC 17789: Information technology -- Cloud computing -- 
Reference architecture 

Given the global nature of cloud computing, it is necessary to be able to rely on common vocabulary, concepts and 


architectures. In that context, ISO/IEC 177887 and 17789% are expected to facilitate the elaboration of cloud computing 
policies in line with international best practices. These two standards are the result of joint work between ISO/IEC JTC1 and 





1 The standard is available at: http://www.iso.org/iso/catalogue_detail.htm?csnumber=61498 

2 This includes the directive EC/95/46 for the protection of personal data as well as its national transpositions. 

3 The standard is freely available at: http://standards.iso.org/ittf/PubliclyAvailableStandards/c060544_|ISO_IEC_17788_2014.zip, also 
published as ITU Y.3500 — http://www. itu.int/rec/T-REC-Y.3500-201408-|/en 

4 The standard is freely available at: http://standards.iso.org/ittf/PubliclyAvailableStandards/c060545_ISO_IEC_17789_2014.zip , also 
published as ITU Y.3502 - http://www. itu.int/rec/T-REC-Y.3502-201408-|/en 
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ITU-T and have been formally approved by both international standardization organizations. This joint work allowed for a 
broad coverage of the standards’ scope via substantial inputs from both the IT and the telecom industries. 


DIGITALEUROPE encourages all parties to adopt the cloud computing vocabulary and concepts architecture defined in 
these two international standards. 


LOOKING FORWARD 


The development of ISO/IEC international standards on cloud computing generally takes European policy needs into 
account. The European Commission is, for example, contributing to the development of the various parts of the ISO/IEC 
19086 Information Technology — Cloud Computing — Service Level Agreement (SLA) standard through the Cloud Select 
Industry Group on SLA, and DIGITALEUROPE believes that this will ensure that European needs are duly taken into account 
in this important standard for cloud computing SLAs, which in turn will facilitate the use of ISO/IEC 19086 in European 
policies. 


DIGITALEUROPE also encourages the European Commission to contribute directly to the development of other 
international cloud computing standards which deal with issues that are significant for the EU, for example the ISO/IEC 
19941 Information Technology — Cloud Computing — Interoperability and Portability standard. This will ensure that policy 
requirements can be raised directly and taken into account at an early stage. 


DIGITALEUROPE notes that several policy initiatives aim at elaborating local or regional requirements for cloud computing. 
These initiatives should be aligned with international standards to facilitate the adoption of cloud computing in Europe. 
This will also ensure that European cloud computing champions are fully prepared to expand globally by relying on policies 
already aligned with international best practices. 


Given the efforts to align key international standards for cloud computing, such as the ones mentioned above, with 
European regulatory and policy needs, DIGITALEUROPE invites the European Commission and associated national 
regulators to rely primarily on these international standards for relevant policy initiatives. 


DIGITALEUROPE would like to thank the European Commission for its substantial efforts in promoting cloud computing and 
its benefits. DIGITALEUROPE and its members remain committed to cooperate and contribute on these important topics 


For more information please contact: 
Klaus-Dieter Axt, DIGITALEUROPE’s Director Technical and Regulatory Policy 
+32 2 609 53 22 or klaus-dieter.axt@digitaleurope.org 
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ABOUT DIGITALEUROPE 


DIGITALEUROPE represents the digital technology industry in Europe. Our members include some of the world's largest 
IT, telecoms and consumer electronics companies and national associations from every part of Europe. DIGITALEUROPE 
wants European businesses and citizens to benefit fully from digital technologies and for Europe to grow, attract and 
sustain the world's best digital technology companies. 


DIGITALEUROPE ensures industry participation in the development and implementation of EU policies. 
DIGITALEUROPE’s members include 58 corporate members and 36 national trade associations from across Europe. Our 
website provides further information on our recent news and activities: http://www.digitaleurope.org 





DIGITALEUROPE MEMBERSHIP 


Corporate Members 


Acer, Alcatel-Lucent, AMD, Apple, BlackBerry, Bose, Brother, CA Technologies, Canon, Cassidian, Cisco, Dell, Epson, 
Ericsson, Fujitsu, Hitachi, Hewlett Packard, Huawei, IBM, Ingram Micro, Intel, iQor, JVC Kenwood Group, Konica Minolta, 
Kyocera, Lenovo, Lexmark, LG Electronics, Loewe, Microsoft, Mitsubishi Electric Europe, Motorola Mobility, Motorola 
Solutions, NEC, Nokia, Nvidia Ltd., Océ, Oki, Oracle, Panasonic Europe, Philips, Pioneer, Qualcomm, Ricoh Europe PLC, 
Samsung, SAP, Schneider Electric IT Corporation, Sharp Electronics, Siemens, Sony, Swatch Group, Technicolor, Texas 
Instruments, Toshiba, TP Vision, Western Digital, Xerox, ZTE Corporation. 


National Trade Associations 


Belarus: INFOPARK Greece: SEPE Slovakia: ITAS 

Belgium: AGORIA Hungary: IVSZ Slovenia: GZS 

Bulgaria: BAIT Ireland: ICT IRELAND Spain: AMETIC 

Cyprus: CITEA Italy: ANITEC Sweden: Foreningen 
Denmark: DI ITEK, IT-BRANCHEN Lithuania: INFOBALT Teknikforetagen, 

Estonia: ITL Netherlands: Nederland ICT, FIAR IT&Telekomfdretagen 
Finland: FTTI Norway: IKT NORGE Switzerland: SWICO 
France: Force Numérique, Poland: KIGEIT, PIIT Turkey: ECID, TESID, TUBISAD 
SIMAVELEC Portugal: AGEFE Ukraine: IT UKRAINE 
Germany: BITKOM, ZVEI Romania: ANIS, APDETIC United Kingdom: techUK 
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